which kind of info.

Version

config

fail over config

ASA# show failover
Failover On
Failover unit Primary
Failover LAN Interface: FL-interface Port-channel2 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 35 of 1043 maximum
MAC Address Move Notification Interval not set
Version: Ours 9.12(2), Mate 9.12(2)

This host: Primary
Group 1 State: Active
Active time: 69343 (sec)
Group 2 State: Active
Active time: 69238 (sec)

slot 0: FPR-2130 hw/sw rev (49.46/9.12(2)) status (Up Sys)
admin Interface out (20.40.20.161): Normal (Waiting)
admin Interface notused (0.0.0.0): Normal (Waiting)
admin Interface test_mgmt (192.168.1.1): Normal (Monitored)


Other host: Secondary
Group 1 State: Failed
Active time: 3 (sec)
Group 2 State: Standby Ready
Active time: 147 (sec)

slot 0: FPR-2130 hw/sw rev (49.46/9.12(2)) status (Up Sys)
admin Interface out (0.0.0.0): No Link (Waiting)
admin Interface no (0.0.0.0): Normal (Waiting)
admin Interface test_mgmt (192.168.1.2): Normal (Monitored)

Stateful Failover Logical Update Statistics
Link : state-interface Port-channel2.1 (up)
Stateful Obj xmit xerr rcv rerr
General 7655259088 0 9697939 65
sys cmd 7689514 0 7689511 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 7425396031 0 1768835 10
UDP conn 183195261 0 128711 0
ARP tbl 38950028 0 110605 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 14728 0 139 0
VPN IKEv1 P2 11476 0 135 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 434 0 0 0
SIP Tx 310 0 0 0
SIP Pinhole 0 0 0 0
Route Session 782 0 0 55
Router ID 0 0 0 0
User-Identity 524 0 3 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
STS Table 0 0 0 0
Umbrella Device-ID 0 0 0 0

Logical Update Queue Information
Cur Max Total
Recv Q: 0 33 67722857
Xmit Q: 0 174 7801599118

Still config is missing in this post as we requested, based on show failover here is my observation to check and fix :

his host: Primary
Group 1 State: Active
Active time: 69343 (sec)
Group 2 State: Active
Active time: 69238 (sec)

slot 0: FPR-2130 hw/sw rev (49.46/9.12(2)) status (Up Sys)
admin Interface out (20.40.20.161): Normal (Waiting)
admin Interface notused (0.0.0.0): Normal (Waiting)
admin Interface test_mgmt (192.168.1.1): Normal (Monitored)


Other host: Secondary
Group 1 State: Failed
Active time: 3 (sec)
Group 2 State: Standby Ready
Active time: 147 (sec)

slot 0: FPR-2130 hw/sw rev (49.46/9.12(2)) status (Up Sys)
admin Interface out (0.0.0.0): No Link (Waiting)
admin Interface no (0.0.0.0): Normal (Waiting)
admin Interface test_mgmt (192.168.1.2): Normal (Monitored)

Some guide Lines :

https://myitmicroblog.svbtle.com/asa-activeactive-failover-why-the-interface-status-is-unknownwaitingfailednotmonitored

I have an interface which is up on the active node and down on the standby node. can this caused the failover to fail ?

show us more information - related to config and what interface going down, we been asked this before, to get the right suggestion we need the right information,  we only guess the suggestions maybe not right to fix in time.

which config do you want ? commands ..

failover
failover lan unit primary
failover lan interface FL-interface Port-channel4
failover link state-interface Port-channel4.2
failover interface ip FL-interface 10.10.10.254 255.255.255.252 standby 10.10.10.253
failover interface ip state-interface 10.10.10.80 255.255.255.252 standby 10.10.10.81
failover group 1
preempt
failover group 2
secondary
preempt

Hi Community

I would like to know if the community has had experiences or any discussion about the best practices to migrate two ASA firewalls in standalone mode operating in a critical network.

The process is to migrate the two ASAs to new Firepower hardware with ASA image. in Multiple Context and Failover Active Active.

Each ASA old ASA will pass as a Context on the new hardware. It is very interesting what I should do so I would like to know about the experiences in these cases.

In other words, Best practices for hardware migration from ASA Firewall to Firepower 2100 with active active failover ASA image and multiple contexts within a network in critical operation.

Thank you in advance, Community

i woluld suggest to open a new thread, this thread have different issue.

Thanks Balaji. I did that yesterday, I hope any comments. I had been looking into the community and no similar case

Regards